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Abstract - Cloud-based outsourced storage relieves the client’s load for storage 
management and maintenance by providing a comparably low-cost, scalable, location- 
independent platform. Though, the information that clients no longer have physical control of 
data specifies that they are facing a potentially formidable risk for missing or corrupted data. 
To avoid the security risks, inspection services are serious to ensure the integrity and 
availability of outsourced data and to achieve digital forensics and reliability on cloud 
computing. Provable data possession (PDP), which is a cryptographic method for validating 
the reliability of data without retrieving it at an untrusted server, can be used to realize audit 
services. In this project, profiting from the interactive zero -knowledge proof system, the 
construction of an interactive PDP protocol to prevent the fraudulence of prover (soundness 
property) and the leakage of verified data (zero knowledge property). To prove that our 
construction holds these properties based on the computation Diffie-Hellman assumption and 
the rewindable black-box knowledge extractor. An efficient mechanism on probabilistic 
queries and periodic verification is proposed to reduce the audit costs per verification and 
implement abnormal detection timely. Also, we present an efficient method for choosing an 
optimal parameter value to reduce computational overheads of cloud audit services. 

Keywords - security risks, audit services, Provable data possession (PDP), zero 
knowledge property, Diffie-Hellman assumption. 

1. Introduction 

In recent existence, the up-and-coming cloud-computing prototype is rapidly gaining 
momentum as an alternative to usual information technology. Cloud compute provide a 
scalability atmosphere for on the rise amounts of data and processes that work on various 
applications and services using on-demand self-services. One essential aspect of this model 
changing is that data are being centralized and outsourced into clouds. This kind of 
outsourced storage services in clouds have become a new profit growth point by providing a 
comparably short-price, scalable, locality-independent stage for managing consumers' data. 
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The cloud storage service (CSS) relieves the lumber of storage organization and 
maintenance. Though, if such an imperative service is predisposed to attacks or failures, it 
would bring permanent losses to users since their data or archives are stored into an unsure 
storage pool exterior the enterprise. These security risks come from the following reasons: the 
cloud infrastructures are much more powerful and reliable than personal computing devices. 

However, they are still susceptible to security threats both from outside and inside the 
cloud for the profit of their tenure, there exist various motivations for cloud service providers 
(CSP) to behave unfaithfully toward the cloud users Moreover, the dispute rarely suffers from 
the lack of trust on CSP. Accordingly, their actions may not be known by the cloud user, even 
if this quarrel may affect outcome from the users' improper operations (KO Et Al., 2011). 
Therefore, it is necessary for cloud service providers to offer an efficient assessment service 
to check the integrity and availability of the stored data. 

Traditional cryptographic technologies for data integrity and accessibility, based on 
chop function and signature scheme can't work on the outsourced data devoid of a local 
duplicate of data. Also, it is not a realistic solution for data validation by downloading them 
due to the expensive transaction, especially for large size files. Furthermore, the solutions to 
check the reality of the data in a cloud environment can be formidable and expensive for the 
cloud users (Armrest et al., 2010). Therefore, it is crucial to realize public assessment knack 
for CSS, so that data owners may resort to a third party assessment (TP A), who has expertise 
and capabilities that a common user does not cover, for occasional assessment the farm out 
data. This assessment service is significantly important for digital forensics and data 
assurance in clouds. 

To implement public assessment ability, the notions of proof of irretrievability (POR) 
(Jules, 2007) and provable data possession (PDP) (Attendees et al., 2007) have been proposed 
by some investigators. Their loom was based on a probabilistic proof technique for a storage 
provider to prove that clients' data remain intact without downloading the stored data, which 
is called "verification without downloading." For ease of use, some POR/PDP scheme toil on 
a publicly certifiable mode, so that someone can use the certification protocol to prove the 
availability of the stored data. Therefore, this provides us an efficient loom to accommodate 
the requirements from public assessment ability. POR/PDP schemes evolved around an 
untrusted storage offer a publicly accessible remote interface to check the tremendous amount 
of data. 


Although PDP/POR schemes evolved around untrusted storage, offer a publicly 
accessible remote interface to check and manage the tremendous amount of data, most of the 
obtainable schemes cannot give a strict security proof against the untrusted CSP's dishonesty 
and fake, as well as information leakage of verified data in the verification process. These 
drawbacks greatly affect the crash of cloud assessment services. Thus, new frameworks or 
models are desirable to enable the security of public verification protocol in cloud assessment 
services. Another major concern addressed by this paper is how to improve the performance 
of assessment services. 

The assessment performance concerns not only the costs of computation, 
communication, storage for assessment activities but also the scheduling of assessment 
actions. No distrust inappropriate arrangement, more or less repeated, causes poor assessment 
routine, but an efficient arrangement can help provide a better quality of and a more cost- 
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effective service. Hence, it is serious to examine a well-organized schedule for cloud 
assessment services. 

In practical applications, above conclusions will play a key role in obtaining a more 
efficient assessment schedule. Further, our optimization algorithm also supports an adaptive 
parameter selection for different sizes of files (or clusters), which could ensure that the extra 
storage is optimal for the verification process. 

Finally, implement a prototype of an assessment system to evaluate our proposed 
approach. Our experimental results not only validate the effectiveness of above-mentioned 
approaches and algorithms but also show our system has a lower computation cost, as well as 
a shorter extra storage for verification. List the features of our PDP scheme. Also contain an 
evaluation of related techniques, such as PDP, DPDP, and CPOR. Although the computation 
and communication overheads of O (t) and O (1) in PDP/SPDP schemes are lower than those 
of O (t + s) and O(s) in our scheme, our scheme has less difficulty due to the introduction of a 
scrap arrangement, in which an outsourced file is split into n blocks, and each block is also 
split into s sector. This means that the number of blocks in PDP/SPDP schemes is times more 
than that in our scheme and the number of sampling blocks t in our scheme is merely 1/s 
times more than that in PDP/SPDP schemes. Moreover, the chance of detection in our 
scheme is much greater than that in PDP/SPDP schemes because of 1 — (l -b)ts >1-(1 ~b)t. 
Also, our scheme, similar to PDP and CPOR schemes, provides the ownership proof of 
outsourced data as a result that it is constructed on the public -key verification knowledge, but 
SPDP and DPDP schemes cannot offer such a feature because they are only based on the 
Hash function. 

2. Related Works 

Arithmetic Operators for Pairing-Based Cryptography 

Since their introduction in constructive cryptographic applications, pairings over (hyper) 
elliptic curves are at the heart of an ever increasing number of protocols. Software implementations 
being rather slow, the study of hardware architectures became an active research area. Our 
architecture is based on a unified arithmetic operator which performs addition, multiplication and 
cubing over F397 [1], This design methodology allows us to design a compact coprocessor (1888 
slices on a Vertex-II Pro 4 FPGA) which compares favorably with other solutions described in the 
open literature. Then describe ways to extend our approach to any characteristic and any extension 
field. 

Finite Field Arithmetic 

Arithmetic in a finite field is different from standard integer arithmetic. There are a limited 
number of elements in the finite field; all operations performed in the finite field result in an element 
within that field. While each finite field is itself not infinite, there are infinitely many different finite 
fields; their number of elements (which is also called cardinality) is necessary of the form p n where p 
is a prime number and n is a positive integer, and two finite fields of the same size are isomorphic. 

The prime p is called the characteristic of the field, and the positive integer n is called the dimension 
of the field over its prime field [1], [2], [3], [4], 

Finite fields are used in a variety of applications, including in classical coding theory in linear 
block codes such as BCH codes and Reed-Solomon error correction and cryptography algorithms 
such as the Rijndael encryption algorithm. 
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Addition, Multiplication, and Frobenius Map over Fpm 

The architecture of the operators generated by our program is directly inspired from the 
unified operator given in Figure 1 and can be adapted to any prime characteristic p and any irreducible 
polynomial f(x) of degree m. Comparisons against FPGA-based accelerators over F397. The 
parameter D refers to the number of coefficients processed at each clock cycle by a multiplier [8]. 



Table 2.1 Addition Frobenius Map over Fpm 



Grabher and 
Page [13] 

Kerins 
it al. [17] 

Beuchat 
et al. [6,7] 

Algorithm 

Duursma-Lee 

Duursma-Lee 

ift pairing 

FPGA 

Virtex-II Pro 4 

Virtex-II Pro 125 

Cyclone II EP2C35 

Multiplier(s) 

MM 

18 (D = 4) 

9(17=3) 

Area 

4481 slices 

55616 slices 

~ 18000 LEs 

Clock cycles 

59946 

12866 

4849 

Clock frequency 

150 MHz 

15 MHz 

149 MHz 

Calculation time 

432.3 /is 

850 ps 

33 ps 


Addition over Fp[x]/ (f(x)) is performed in the same way as in the operator over F397 presented: the 
digits of the two operands are all added in parallel, thus requiring m additions over Fp. In the current 
version of the generator, those additions over Fp are implemented as simple look-up tables addressed 
by the bits of the two operands, particularly suited for small values of p (typically p = 2 to 7). For 
higher characteristics, it will be necessary to resort to more complex methods for modular addition. 

Table 2.2 Multiplication Frobenius Map over Fpm 



Ronan et d [25] 

Proposed 

architecture 

Algorithm 

t fr pairing 

i ) t pairing 

iff pairing 

FPGA 

Virtex-II Pro 100 

Virtex-II Pro 100 

Virtex-II Pro 4 

Multiplier(s) 

?»' 

II 

e> O 

2(5=8) 

1(5=3) 

Area 

10000 slices 

7491 sices 

1888 slices 

Clock cycles 

15113 

17190 

32618 

Clock frequency 

70,4 MHz 

70,4 MHz 

147 MHz 

Calculation time 

178/zs 

203/zs 

222/is 


Also as in the original operator, multiplication over F p [jc]/(/(jc)) - relies on a parallel-serial 

algorithm, with D digits of the multiplier being processed each iteration. The generation of the partial 
products, which consists in multiplying all the digits of the multiplicand with each digit of the 
multiplier, requires m multiplications over Fp in parallel for each of the D partial products. Here also, 
the multiplications over Fp are directly tabulated, as this is the best solution for small characteristics. 
Once the D partial products are computed, the D - 1 most significant ones along with the accumulator 
are then multiplied by xk (where k ranges from 1 to D) and reduced modulo f(x). After the modular 
reductions, the D partial products and the accumulator have added thanks to a binary tree of adders 
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over Fpm [5], [6], [7]. Consequently, to optimize the critical path of this multi-operand adder, one 
should choose a parameter D of the form 2n - 1 (typically D = 3, 7, 15 or 3 1). 

m— 1 

a(x) p modf (x) = ^ afx ip modf (x) 

i=0 

m— 1 

a(x) p modf (x) = ya i x' p modf(x) 

i=0 

Fig 2.1 Formula for Addition Frobenius Map over Fpm 

This general expression of the Frobenius map can then be seen as a sum of elements of Fpm. 
The coefficients of those polynomials can be directly matched to the coefficients of the operand, 
possibly multiplied by a constant. It is possible to reuse the partial product generation hardware of the 
multiplication to compute those polynomials, only some extra wiring being required for the 
permutation of the coefficients. The sum of all the polynomials can then be computed by the final 
multi-operand adder. To decrease the number of partial products necessary to compute the Frobenius 
map, a simple decomposition technique can be applied to share the maximum amount of hardware 
between these partial products. In case this is still not enough, a second technique can further pack the 
partial products, at the expense of some additions over Fp. 

Efficiency and Security 

The proposed PDP scheme relies only on efficient symmetric key operations in both setup 
(performed once) and verification phases. However, our scheme is more efficient than POR as it 
requires no bulk encryption of outsourced data and no data expansion due to additional sentinel 
blocks. Our scheme provides probabilistic assurance of the unhampered data being stored on the 
server with the exact probability fixed at setup. Furthermore, our scheme is provably secure in the 
random oracle model (ROM). 

3. Proposed System 

In this paper, utilize the public Provable data possession (PDP), which is a 
cryptographic technique for verifying the integrity of data without retrieving it at an untrusted 
server; can be used to realize audit services. It with random mask technique to achieve a 
privacy-preserving public auditing system for cloud data storage security while keeping all 
above requirements in mind. To support efficient Handling of multiple auditing tasks, further 
explore the technique of bilinear aggregate signature to extend our main result into a 
multiuser location, where TPA can achieve multiple audit tasks simultaneously. Extensive 
security and performance analysis shows the proposed schemes are provably secure and 
highly efficient. And also show how to an extent our main scheme to support batch auditing 
for TPA upon delegations from multi-users. 

Audit Service System 

In this module, we provide an efficient and secure cryptographic interactive audit 
scheme for public audit capacity. We provide an efficient and protected cryptographic 
interactive retains the consistency property and zero -knowledge property of evidence 
systems. These two properties make certain that our plan can not only prevent the deception 
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and forgery of cloud storage provider but also avoid the outflow of outsourced data in the 
process of verification. 

Data Storage Service System 

In this module, we considered FOUR entities to store the data in a secure manner: 

• Data Owner (DO) 

A large amount of data to be stored in the cloud. 

• Cloud Service Provider (CSP) 

Who provide data storage service and have sufficient storage spaces and computation 
resources. 

• Third Party Auditor (TPA) 

Who have capabilities to manage or monitor - outsourced data under the delegation of data 
owner? 

• Granted Applications (GA) 

Who has the right to access and maneuver stored data? These applications can be whichever 
inside clouds or faint clouds according to the specific requirements. 

Audit Outsourcing Service System 

In this module the client (data owner) uses the secret key to pre-process the file, which 
consists of a collected works of block, generate a set of civic Certification Information that is 
stored in TPA, transmit the box file and some certification tags to Cloud service supplier 
CSP, and may remove its local facsimile. At a later time, using a protocol of proof of 
irretrievability, TPA (as an audit agent of clients) issues a challenge to audit (or check) the 
integrity and availability of the outsourced data regarding the public certification in sequence. 

It is essential to give an alarm for irregular events. 

Secure and Performance Analysis 

In this module, we considered to secure the data and give the performance to the 
following: 

Audit-Without-Downloading 

To allow TPA (or other clients with the help of TPA) to verify the correctness of 
cloud data on demand without retrieving a copy of whole data or introducing additional on- 
line burden to the cloud users. 

V erification- Correctness 

To make sure there exists no devious CSP that can pass the audit from TPA without 
indeed storing users’ data intact. 
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Privacy-Preserving 

To make sure that there exist methods for TPA to originate consumer’s data from then 
information collected during the auditing process. 

High-Performance 

To allow TPA to perform auditing with minimum outlay in storage, communique, and 
computation, and to carry statistical inspect sampling and optimized audit schedule with a 
long enough period. 

4. Algorithm 

Our proposed solution and many of the related work are based on the following 
cryptographic primitives: 

One-way hash function 

A one-way hash function denoted as hi.), is a hash function that works in one 
direction: it is easy to compute a fixed-length digest him) from a variable- length pre-image 
m; however, it is hard to find a pre-image that hashes to a given hash value. Examples include 
MD5 and SHA. Will use the terms hash, a hash value and digest interchangeably. 

Digital signature 

A digital signature algorithm is a cryptographic tool for authenticating the integrity and 
origin of a signed message. In the algorithm, the signer uses a private key to generate digital 
signatures on messages, while a corresponding public key is used by anyone to verify the 
signatures. RSA and DSA are two commonly-used signature algorithms. 

Signature aggregation 

Different messages into one signature. Signing a message m involves computing the 
message hash him) and then the signature on the hash value. To aggregate t signatures, one 
simply multiphes the individual signatures, so the aggregated signature has the same size as 
each signature. Verification of an aggregated signature involves computing the product of all 
message hashes and then matching with the aggregated signature. 

Signature chain 

In a signature, chain scheme is proposed that enables clients to verify the 
completeness of answers to range queries. A very nice property of the scheme is that only 
result values are returned, thus ensuring that there is no violation of access control. The 
scheme is based on two concepts: (a) the signature of a record is derived from its digest as 
well as its left and right neighbors'. In this way, an attempt to drop any value from the answer 
of a range query will be detected since it would no longer be possible to derive the correct 
signature for the record that depends on the dropped value, (b) For the boundaries of the 
answer, a collaborative scheme that involves both the publisher and the client is proposed - 
the publisher performs partial computation based on but not revealing the two records 
bounding the answer and the query range, while the client completes the computation based 
on the two end points of the query range. 
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5. Result and Performance Analysis 
Signature Chain in Multi-Dimensional Space 

The goal of our work is to devise a solution for checking the correctness of query 
answers on multi-dimensional datasets. The design objectives include: 

Completeness: The user can verify that all the data points that satisfy a window query 
are included in the answer. 

Authenticity: The user can check that all the values in a query answer originated 
from the data owner. They have not been tampered with, nor have spurious data points been 
introduced. 

Precision: Proving the correctness of a query answer entails minimal disclosure of 
data points that lie beyond the query window. Define precision as the ratio of the number of 
data Points within the query window, to the number of data points returned to the user. 

Security: It is computationally infeasible for the publisher to cheat by generating a 
valid proof for an incorrect query answer. 

Efficiency: The procedure for the publisher to generate the proof for a query answer 
has polynomial complexity. Likewise, the procedure for the user to check the proof has 
polynomial complexity. 



Fig.5.1 Numbers of queried blocks under different detection probabilities and the 

different number of file blocks. 


57 


International Journal of MC Square Scientific Research Vol.6, No.l Nov 2014 


IJMSR 


— * — 

— ' — 




— 1 — 











— • — 0.90 
— 4 — 0.80 









— -0.60 










-0.50 































I 

1 










0 1000 2000 3000 4000 5000 6000 7000 8000 9000 10000 

The number of file blocks (10 disrupted blocks) 


Fig.5.2 Ratio of queried blocks in the total file blocks under different detection 
probabilities and a different number of disrupted blocks (for ten disrupted blocks). 

log(l-n) 

w.n.T.log(l- p b ) 

Without loss of generality, assume that the data in the multi-dimensional space are 
split into partitions - this can be done using a spatial data structure. To ensure that the answer 
for a window query is complete, two issues must be addressed. 

First, need to prove that the answer covers all the partitions that overlap the query 
window. Refer to these partitions as candidate partitions. Second, need to show that all 
qualifying values within each candidate partition are returned. 

The first issue is dependent on the partitioning strategy adopted 



0 2000 4000 6000 8000 10000 

The number of file blocks 
(The number of disrupted blocks is 1% of n) 

Fig.5.3 Ratio of queried blocks in total file blocks under different detection probabilities 

and 1 % disrupted blocks. 
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2 4 6 8 10 12 14 16 18 20 

The audit frequency(times/unit-time) (10 disrupted blocks) 


Fig.5.4 Ratio of queried blocks in the total file blocks under different audit frequency 
for 10 disrupted blocks and 10,000 file blocks. 


6. Conclusion 

In this dissertation, the construction of an efficient audit service for data integrity in 
clouds is discussed. In this audit service, the third party inspector, known as a manager of 
data proprietor, can issue a periodic certification to observe the change of outsourced data by 
providing an optimized schedule. To realize the audit model, it is necessary to maintain the 
security of the third party auditor and deploy a lightweight daemon to execute the verification 
protocol. This technology can be easily adopted in a cloud computing environment to replace 
the traditional hash-based solution. 

More importantly, this dissertation quantified a new audit approach based on 
probabilistic queries and periodic certifications, as well as an optimization scheme of bound 
of cloud inspect services. This approach enormously reduces the work stack on the storage 
servers; while still attain the detection of servers’ mischief with a high prospect. The 
experimental results clearly showed that our approach could minimize computation and 
communication overheads. 
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